Saturday, February 23, 2013

Now is the time to start looking at Office 365 federated identity


One of the most difficult things to implement for cloud based systems is the concept of federated identity and Single Sign On (SSO). This means that a user only needs one set of credentials to log into the cloud or the local network. It also means that when they log in somewhere they are seamlessly logged into everything else they need.
Many local network users have taken for granted the fact that when they log into their local network (say Small Business Server) they are logged into the local machine, given access to files on the server, allowed to browse the Internet and more, all from a single login.
Now, when users' information is relocated to other systems, like the cloud, single sign on becomes much more challenging because you now have two (or more) completely separate systems that must first trust each other before they can share credentials between them. In the Office 365 world this was handled by Active Directory Federated Services (ADFS). When configured, this basically allowed the local network to ‘trust’ the cloud so users' information could be passed securely between them.
Problem is that ADFS is really not a small business solution. It requires additional on-site hardware as well as an involved configuration process which was generally beyond most SMB resellers. Don’t get me wrong, ADFS is not impossible to implement in SMB but it certainly wasn’t a few clicks of the wizard.
For that reason, we have generally not seen a lot of Single Sign On (SSO) in SMB, yet there has been growing demand for a simpler solution. Personally, I now think we are about to cross the Rubicon where SSO is a requirement. In that respect I would suggest that NOW is the time to start looking at how to implement federation and SSO with cloud-based systems. Sure, there aren’t a lot of solutions out there and many are complex, but I think this will all change rapidly very soon. Get in early, I say, to lead the pack going forward.
So, my advice to SMB resellers and IT Professionals is to put aside what you have heard about ADFS and SSO and start investigating what they can offer. Have a look at third party options and two factor authentication. Most importantly, keep your ear to the ground on what changes are happening in the industry and be especially watchful of what Microsoft will bring to the table in the near future to greatly ease the pain of SSO in SMB.